Guidance for securing the Data Link Connector (DLC)
On-Board Diagnostic (OBD) regulations require passenger cars, and light and medium duty trucks, to provide a Data Link Connector to support communication of diagnostic information to off-board devices. Legislated diagnostic information is also required to be communicated in a timely fashion to the off-board devices. Many vehicle manufacturers also provide access to enhanced diagnostic information and vehicle systems/subsystems via this connector. Generally, there are two forms of communication methodologies used in current vehicles:
a. Open access to communication busses
b. Communication busses isolated via a gateway
This document provides guidelines for securing communications with any off-board device for vehicles utilizing either methodology.
Rationale: This document has been issued to help meet the request from the US Congress to NHTSA to provide guidance to OEMs in securing the Data Link Connector (DLC) (commonly referred to as the “OBD-II Port”) from the cybersecurity risks posed by the existence of this connector.